Comments

Yann,
On Sun, Aug 12, 2018 at 9:22 AM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Michal, All,
>
> On 2018-08-10 16:03 +0200, sojkam1@fel.cvut.cz spake thusly:
> > From: Michal Sojka <sojka@merica.cz>
> >
> > This adds one column to the legal-info manifest table. It contains the
> > dependencies of the given package and their licenses. This information
> > is useful when assessing license compatibility of the packages and
> > their libraries.
> >
> > An example of the content of the new column for the MPD package is
> > shown below:
> >
> > "alsa-lib [LGPL-2.1+ (library), GPL-2.0+ (aserver)], boost
> > [BSL-1.0], libid3tag [GPL-2.0+], libmad [GPL-2.0+], libogg
> > [BSD-3-Clause], libvorbis [BSD-3-Clause], libzlib [Zlib],
> > skeleton-init-common [unknown], skeleton-init-sysv [unknown],
> > sqlite [Public domain], toolchain-external-linaro-arm [unknown], "
>
> I believe this is a very good addition to the manifest. Good idea! :-)
>
> The trailing comma is ugly, though. I would just drop the comma
> altogether...
>
> And here, I have two spaces between each packages:
>
> "alsa-lib [LGPL-2.1+ (library), GPL-2.0+ (aserver)], boost
> [BSL-1.0], libid3tag [GPL-2.0+], libmad [GPL-2.0+], [...]"
>
> > Signed-off-by: Michal Sojka <sojka@merica.cz>
> > ---
> > Changes against v1:
> > * switched parameters of legal-manifest (added one is the last)
>
> Actually, I disagree with that one: it is OK that new parameters be
> added before the last, especially since the 'legal-manifest' macro
> would be easier to review, see below...

If we change the format of the legal info csv, is there some way we
could determine version of that file's syntax? I assume worst case we
can parse out the first line and see the additional dependencies
entry?

I'm concerned about the impact to external tools of changing this file's
format. I'm sure there are others that use this file for CVE
analysis and legal reporting.

Matt

Matthew, All,
On 2018-08-13 08:40 -0500, Matthew Weber spake thusly:
> On Sun, Aug 12, 2018 at 9:22 AM Yann E. MORIN <yann.morin.1998@free.fr> wrote:
> > On 2018-08-10 16:03 +0200, sojkam1@fel.cvut.cz spake thusly:
[--SNIP--]
> > > Changes against v1:
> > > * switched parameters of legal-manifest (added one is the last)
> >
> > Actually, I disagree with that one: it is OK that new parameters be
> > added before the last, especially since the 'legal-manifest' macro
> > would be easier to review, see below...
>
> If we change the format of the legal info csv, is there some way we
> could determine version of that file's syntax? I assume worst case we
> can parse out the first line and see the additional dependencies
> entry?

So, I am not arguing that we should change the output at all.

What I am saying is that the _list_of_parameters_ can be reorganised,
while still keeping the output as before.

I.e. the 'legal-manifest' macro could be rewritten from the current:

    define legal-manifest # pkg, version, license, license-files, source, url, {HOST|TARGET}
    	echo '"$(1)","$(2)","$(3)","$(4)","$(5)","$(6)"' >>$(LEGAL_MANIFEST_CSV_$(7))
    endef

to this new one:

    define legal-manifest # {HOST|TARGET}, pkg, version, license, license-files, source, url, dependencies
    	echo '"$(2)","$(3)","$(4)","$(5)","$(6)","$(7)","$(8)"' >>$(LEGAL_MANIFEST_CSV_$(1))
    endef

Regards,
Yann E. MORIN.
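
Added example (not part of the thread and not Buildroot code): one way an external consumer of the manifest could detect which layout it has been given, as Matt asks, by counting the fields of the first line (six in the current macro, seven with the proposed dependencies column), and then split the new column on commas that sit outside the license brackets. The header names, the function names and the sample row values other than the dependency string are assumptions made for illustration.

```python
import csv
import io
import re

LEGACY_COLUMNS = 6    # pkg, version, license, license-files, source, url
EXTENDED_COLUMNS = 7  # the six above plus the proposed dependencies column

def split_dependencies(cell):
    """Split 'name [licenses], name [licenses]' on commas outside brackets."""
    items, depth, start = [], 0, 0
    for i, ch in enumerate(cell):
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == "," and depth == 0:
            items.append(cell[start:i])
            start = i + 1
    items.append(cell[start:])
    deps = {}
    for item in items:
        m = re.fullmatch(r"\s*(\S+)\s*\[(.*)\]\s*", item)
        if m:  # the empty item left by a trailing comma is skipped
            deps[m.group(1)] = m.group(2)
    return deps

def read_manifest(text):
    """Return (column count, {package: info}); reject layouts we do not know."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows:
        raise ValueError("empty manifest")
    width = len(rows[0])
    if width not in (LEGACY_COLUMNS, EXTENDED_COLUMNS):
        raise ValueError(f"unrecognised manifest layout: {width} columns")
    packages = {}
    for row in rows[1:]:
        if len(row) != width:
            raise ValueError(f"row {row[:1]} has {len(row)} fields, expected {width}")
        deps = split_dependencies(row[6]) if width == EXTENDED_COLUMNS else None
        packages[row[0]] = {"version": row[1], "license": row[2], "deps": deps}
    return width, packages

# Constructed sample: header names, version, file names and URL are made up.
SAMPLE_EXTENDED = (
    '"PACKAGE","VERSION","LICENSE","LICENSE FILES","SOURCE ARCHIVE","SOURCE SITE","DEPENDENCIES"\n'
    '"mpd","0.0","GPL-2.0+","COPYING","mpd-0.0.tar.xz","https://example.invalid",'
    '"alsa-lib [LGPL-2.1+ (library), GPL-2.0+ (aserver)], boost [BSL-1.0], sqlite [Public domain], "\n'
)
```

A tool written this way fails loudly on an unknown column count instead of silently reading the wrong field.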